Open, secure, scalable, reliable UNIX operating system for
IBM Power Architecture servers
AIX Version 6.1
Highlights
■ Next generation of IBM’s well-
proven, scalable, open
standards-based UNIX®
operating system
■ New features for virtualization,
security, availability and man-
ageability designed to make
AIX® 6 even more flexible,
secure and available than
previous versions
The next step in the evolution of the
UNIX OS
Businesses today need to maximize the
return on investment in information
technology. Their IT infrastructure
should have the flexibility to quickly
adjust to changing business computing
requirements and scale to handle ever
expanding workloads—without adding
complexity. But just providing flexibility
and performance isn’t enough; the IT
infrastructure also needs to provide
rock solid security and near-continuous
availability and while managing energy
■ Built on IBM POWER6™ tech-
and cooling costs.
nology and virtualization to help
deliver superior performance,
These are just some of the reasons why
increase system utilization and
more and more businesses are choos-
efficiency, provide for easy
ing the AIX operating system (OS) run-
administration and reduce
ning on IBM systems designed with
total costs
Power Architecture® technology. With
its proven scalability, advanced virtual-
ization, security, manageability and reli-
ability features, the AIX OS is an
excellent choice for building an IT infra-
structure. And, AIX is the only operating
system that leverages decades of
IBM technology innovation designed to
provide the highest level of performance
and reliability of any UNIX operating
system.
The newest version of AIX, Version 6.1,
is binary compatible with previous ver-
sions of the AIX OS, including AIX 5L™
and even earlier versions of AIX. This
means that applications that ran on
earlier versions will continue to run
on AIX 6.1—guaranteed. AIX 6.1 is an
1
open standards-based UNIX OS that is
designed to comply with the Open
Group’s Single UNIX Specification
Version 3.
AIX 6.1 runs on systems based on
POWER4™, PPC970, POWER5™ and
the latest generation of POWER™
processor, POWER6. Most of the new
features of AIX 6.1 are available on the
earlier POWER processor-based plat-
forms, but the most capability is deliv-
ered on systems built with the new
POWER6 processors. The AIX OS is
designed for the IBM Power™,
System p™, System i™, System p5™,
System i5™, eServer™ p5, eServer
pSeries® and eServer i5 server product
lines, as well as IBM BladeCenter®
blades based on Power Architecture
technology and IBM IntelliStation®
POWER workstations.
AIX 6.1 extends the capabilities of the
AIX OS to include new virtualization
approaches including the ability to relo-
cate applications between systems
without restarting the application,
new security features to improve and
simplify security administration, new
availability features inspired by
IBM legacy systems and numerous fea-
tures designed to make the AIX OS
easier and less expensive to manage.
This AIX release underscores IBM’s firm
commitment to long-term UNIX innova-
tions that deliver business value. This
release of AIX continues the evolution of
the UNIX OS that started in Austin,
Texas, with AIX on the RT PC and the
RISC Systems/6000™ (RS/6000).
PowerVM
● Workload Partitions
AIX 6.1 introduces a new, software-based,
virtualization approach called PowerVM™
Workload Partitions (WPARs). WPARs
enable the creation of multiple virtual
AIX 6.1 environments inside of a single
AIX 6.1 instance. Each WPAR can have a
unique “root” administrator, network
addresses, filesystems and security con-
text (users and groups). WPARs share a
regulated portion of the processing and
I/O resources of the global instance but
are isolated from the processes and users
in other WPARs or in the global instance.
WPARs are unique in that they are the
only software-based virtualization
approach designed from the beginning to
be movable between systems. This capa-
bility, call PowerVM Live Application
Mobility, is described below.
You can use PowerVM Workload
Partitions to save administrative overhead
when consolidating systems, by reducing
the number of AIX instances that have to
be managed. For example, instead of
applying patches to multiple copies of
AIX 6.1, using WPARs, you can patch the
global instance, and all WPARs inherit that
same patch level. This helps manage
growth by allowing you to concentrate on
managing applications instead of spend-
ing time on repetitive administration tasks.
Each PowerVM Workload Partition can be
separately administered from other
WPARs in the system. For example, each
WPAR can have unique users and groups
and a unique root administrator. The root
user for a WPAR cannot take actions that
would affect the global instance or other
WPARs. This isolation provides for further
savings through delegation of administra-
tive work.
PowerVM Workload Partitions share a
single AIX 6.1 instance, so there is less
isolation than there is with logical parti-
tions (LPAR) in which each LPAR has its
own independent copy of AIX 6.1.
Feedback from users of AIX 6.1 is
that WPARs provide enough isolation for
many workloads—at a substantial savings
of administrative effort. WPARs can be
used inside of LPARs, allowing the combi-
nation of the two technologies to leverage
the superior isolation of LPARs with the
administrative ease of WPARs.
AIX 6.1 provides for two types of
Workload Partitions—System WPARs and
Application WPARs:
— System WPARs look like inde-
pendent AIX 6.1 instances. They
have their own copies of many
system services like init and mail,
they can be logged into via telnet,
and they have their own users and
groups.
— Application WPARs are much
simpler; an Application WPAR is
simply a wrapper around an appli-
cation that makes it more man-
ageable. Application WPARs run
inside of the global instance and
do not have their own administra-
tor, filesystems or security context.
All processes running inside of an
Application WPAR can be grouped
together for management, includ-
ing resource controls. Because
Application WPARs are not run-
ning their own copies of system
processes like init, they have an
even smaller resource footprint
than System WPARs.
AIX 6.1 includes Workload Partitions as
part of the base operating system.
WPARs can be created and managed
on a single AIX 6.1 instance using
SMIT and command line interfaces.
IBM also provides a new licensed pro-
gram product, the IBM PowerVM
Workload Partitions Manager™ for AIX
(WPAR Manager) that lets you manage
WPARs across multiple systems. The
WPAR Manager product is available
separately; it is not part of AIX 6.1.
● Live Application Mobility
Workload Partitions can be moved from
one system to another without restarting
the application or causing significant dis-
ruption to the application end user. This
process is called PowerVM Live
Application Mobility, a feature of AIX 6.1
and the Workload Partitions Manager for
AIX (WPAR Manager). During the reloca-
tion process, the WPAR Manager first cre-
ates a checkpoint of the Workload
Partition, then the memory and other
WPAR configuration information is moved
to the target system, and finally, the
WPAR is resumed on the new system—
right where it left off. Applications do not
have to be restarted because the entire
WPAR, including the application context,
has been moved to the target system.
The WPAR Manager will also typically be
used to control the relocation, but com-
mand line interfaces can also be used.
PowerVM Live Application Mobility can
provide several benefits: first, it allows
some outages to be avoided by moving
the application off of a system that needs
to be shut down for maintenance; sec-
ond, it can be used to balance workloads
across several systems—automatically or
manually; and finally, it can be used to
move workloads off servers during non-
peak periods so that those servers could
be turned off—saving energy.
PowerVM Live Application Mobility is a
feature of AIX 6.1 and the WPAR Manager
and can be used on any hardware sup-
ported by AIX 6.1.
Security features
Providing for a secure computing envi-
ronment has always been a key goal for
the AIX OS. AIX 6.1 is designed to be
compliant under the Common Criteria
at Common Access Protection
Profile/Evaluation Assurance Level 4+,
including the Role Based Access
Control Protection Profile (RBACPP)
and the Labeled Security Protection
Profile (LSPP). It includes many new
features that can increase security while
reducing the effort needed to provide a
secure infrastructure:
● Role Based Access Control
Role Based Access Control (RBAC) pro-
vides improved security and manageability
by allowing administrators to grant author-
ization for management of specific AIX 6.1
resources to users other than root. RBAC
can also be used to associate specific
management privileges with programs,
which can reduce the need to run those
programs under the root user or via
setuid. RBAC improves security by reduc-
ing the number of root users required to
manage systems. It can reduce adminis-
trative costs and improve administrative
efficiency by allowing secure delegation of
routine administrative tasks to non-root
users.
● Trusted AIX
Trusted AIX extends the security capabili-
ties of the AIX OS by integrating compart-
mentalized, multilevel security (MLS) into
the base operating system to meet critical
government and private industry security
requirements. Trusted AIX is implemented
as an installation option that can provide
the highest levels of label-based security
to meet critical government and private
industry security requirements. Trusted AIX
supports various MLS features such as
partitioned directories, trusted networking
and labeled printing.
● Encrypting Filesystem
The IBM Enhanced Journaled Filesystem
Extended (JFS2) adds even greater data
security with the capability to encrypt the
data in a filesystem. Clients can select
from a number of different encryption
algorithms. The encrypted data can even
be backed up in encrypted format, reduc-
ing the risk of data being compromised if
backup media is lost or stolen. The
Encrypting Filesystem can even help pre-
vent the compromise of data by root level
users. The Encrypting Filesystem does not
require significant additional administrative
effort because the key management is
automatic and fully integrated into the
login authentication process.
● AIX Security Expert
The AIX Security Expert was introduced
with Technology Level 5 update to the
AIX 5.3 OS, and provides clients with
the capability to manage more than
300 system security settings from a single
interface. To configure security on a sys-
tem, you start with a template that pro-
vides the initial configuration and then
customize to fit security requirements. The
Security Expert provides four templates:
high, medium or low security or a
Sarbanes Oxley template designed to help
you become compliant with the security
requirements of the Sarbanes Oxley Act.
Once the Security Expert has been used
to configure security on a system, you can
export those security settings and use
them to set other systems identically. With
AIX 6.1, you can even store these security
configurations directly in a Lightweight
Directory Access Protocol (LDAP)
directory—simplifying implementation of
consistent security across an entire
enterprise.
● Secure by Default Installation Option
The AIX 6.1 installation process will offer a
new option, Secure by Default that
enables only the minimal number of sys-
tem and network services to provide the
maximum amount of security. Secure by
Default works best when used in conjunc-
tion with the AIX Security Expert to tightly
control the security configuration of each
system.
● Trusted Execution
In Trusted Execution mode, AIX 6.1 will
verify the integrity programs at execution
time. This can increase security by reduc-
ing the possibility that tampered programs
could be used to compromise the security
of the system. A signature (SHA256/RSA)
database for important system files is cre-
ated automatically as part of the regular
AIX 6.1 install. The Trusted Execution tool
can be used to check the integrity of the
system against the database. Also the
administrator can define policies such that
the loads of files listed in the database are
monitored and execution/loads not
allowed if hashes do not match.
Additionally the administrator can lock the
signature database or the files in the data-
base from being modified by any one in
the system, including root.
● Support for Long Pass Phrases
AIX 6.1 and AIX 5.3 Technology Level
7 will support greater than eight character
passwords for authentication of users.
These releases will provide for storing of
passwords using encryption algorithms
such as SHA/256/512, MD5 etc. System-
wide controls can be configured by the
administrator to choose the algorithm as
well as the size of the password which
could be up to 255 characters. Enhanced
support will also include support for pass
phrases.
In addition to these new features,
AIX 6.1 provides a wide range of other
integrated security features—all
designed to provide a high level of con-
fidence in the safety of mission-critical
processes and applications.
Near-continuous availability features
Over the years, the AIX OS has
included many reliability features
inspired by IBM legacy technologies.
The release of AIX 6.1 introduces
unprecedented availability features to
the UNIX market that can help reduce
planned and unplanned outages. These
features include:
● Concurrent AIX Kernel Updates
Concurrent AIX updates provides a new
capability to deliver some kernel updates
as interim fixes that will not require a sys-
tem reboot to put into effect. This can
reduce the number of unplanned outages
required to maintain a secure, reliable
system.
● Kernel Support for POWER6
Storage Keys
This AIX 6.1 feature brings a mainframe-
inspired reliability capability to the UNIX
market for the first time. Enabled by the
POWER6 processor, Storage Keys can
reduce the number of intermittent outages
associated with undetected memory over-
lays inside the AIX kernel and kernel
extensions. Applications can also use the
POWER6 Storage Keys feature to
increase the reliability of large, complex
applications running under the AIX 5.3 or
AIX 6.1 releases.
● Dynamic Tracing
AIX 6.1 provides a new dynamic tracing
capability that can simplify debugging
complex system or application code. This
dynamic tracing facility will be introduced
through a new tracing command, probe-
vue, which allows a developer or system
administrator to dynamically place probes
in existing application or kernel code,
without requiring special source code or
even recompilation. probevue is very flexi-
ble, allowing dynamic specification of the
data to be captured at probe points and
providing the ability to associate execution
pre-conditions with a given probe.
● Non-intrusive Service Aids
AIX 6.1 service aids are designed to mini-
mally impact performance and availability.
Second Failure Data Capture (SFDC) tech-
nology involves building highly tunable
diagnostic and data capture features into
the operating system, but only enabling
them after problem diagnosis has started.
The result is faster, less-disruptive problem
determination, without the need to install
special “debug” code. AIX 6.1 also intro-
duces a mainframe-inspired live dump
facility which allows selected subsystems
to dump their diagnostic information for
subsequent service analysis, without
requiring a full system dump and partition
outage. For those problems that still
require a partition restart in order to
recover, AIX 6.1 provides a firmware-
assisted dump mode on systems based
on POWER6 processor technology. In this
new mode, AIX 6.1 cooperates with sys-
tem firmware to write the First Failure Data
Capture (FFDC) information to the dump
device using the restarted AIX 6.1 image,
rather than writing to the dump device at
the time of the failure. The result is fewer
dump failures which can enable quicker
problem determination and resolution.
● Enhanced Software FFDC
IBM has included many availability fea-
tures in the AIX 5.3 and earlier releases.
One of the key innovations used to
improve the reliability, availability and serv-
iceability features of the AIX OS was the
introduction of FFDC technology. As a
concept borrowed from IBM hardware reli-
ability features, FFDC gathers diagnostic
information about a problem at the time
the problem occurs–dramatically reducing
the need to recreate the problem (and
impact performance and availability) at a
later time to generate diagnostic informa-
tion. Because clients do not typically inter-
act with this technology, it is one of the
“hidden innovations” that is largely unseen
but is designed to help increase the over-
all reliability, serviceability and most impor-
tant, availability of the AIX OS. AIX 6.1
builds on the FFDC capabilities introduced
in previous AIX releases by introducing
even more instrumentation to provide real
time diagnostic information.
● Functional Recovery Routines
When many operating systems other than
IBM z/OS® encounter a severe problem
inside the heart of the OS, they crash.
AIX 6.1 is the first UNIX OS to introduce
new technology that can, in some cases,
recover from errors that would otherwise
cause the operating system to crash. This
is just another example of a feature
inspired by IBM’s legacy technology and
designed to improve the reliability of AIX,
our premier UNIX OS.
Manageability features
Many of the features already described
such as Workload Partitions, Live
Application Mobility, Role Based Access
Control, AIX Security Expert, and AIX
Concurrent Updates can significantly
improve the administrative efficiency of
managing the AIX OS, particularly as
AIX environments grow. AIX 6.1 also
includes additional features specifically
intended to improve the manageability
of the AIX OS:
● IBM Systems Director Console for AIX
This new management interface allows
administrators to manage AIX 6.1
remotely through a browser. The
IBM Systems Director Console for AIX
(console) provides responsive Web access
to common systems management tools
such as the Systems Management
Interface Tool (SMIT). The console is
included as part of AIX 6.1—no other
products are required to use it other than
a Web browser. The console is named
after the IBM Systems Director because it
is built on the same graphical user inter-
face as the IBM Systems Director. The
console also provides the capability to
securely run administrative commands on
multiple systems.
● Automatic Variable Page Size for
POWER6
AIX 6.1 will automatically manage the size
of pages used when it is running on a
system based on POWER6 processors.
AIX 6.1 will automatically use 4K, 64K or a
combination of those page sizes to opti-
mize performance without administrative
effort. This self tuning feature can be con-
trolled by the administrator but the default
behavior is to let AIX 6.1 manage page
sizes automatically.
● Solution Performance Tuning
The default tuning parameters for AIX 6.1
have been changed to provide much bet-
ter performance for most applications
right out of the box. In many cases,
administrators can get good applications
performance without the need to make
any tuning changes.
● Name Resolver Caching Daemon
This daemon caches requests to resolve a
hostname, service or netgroup to improve
the efficiency of subsequent requests for
the same information. Use of this facility
can dramatically improve the performance
of applications that are dependent on
repeated requests for name resolution.
● Graphical Installation
This new installation option is intended
primarily for use by administrators with
limited AIX installation experience.
Graphical Installation simplifies the installa-
tion process but includes options to navi-
gate to the traditional installation menus if
required.
● Network Installation Manager Support
for NFSv4
The Network Installation Manager (NIM)
has been enhanced to provide additional
security features and flexibility by enabling
the use of NFS version 4. NIM can use
NVSv4 to provide stronger, Kerberos-
based security during the installation of
AIX 6.1 and other software.
AIX 6.1 Feature Platforms Supported

PowerVM Workload Partitions POWER4, PPC970, POWER5 and POWER6

PowerVM Live Application Mobility POWER4, PPC970, POWER5 and POWER6

Application Storage Keys POWER6 (also supported by AIX 5.3)

Kernel Storage Keys POWER6

Automatic Variable Page Size POWER6

Firmware Assisted Dump POWER6

Hardware Decimal Floating-Point POWER6 (also supported by AIX 5.3)

Role Based Access Control POWER4, PPC970, POWER5 and POWER6

Encrypting Filesystem POWER4, PPC970, POWER5 and POWER6

Trusted AIX POWER4, PPC970, POWER5 and POWER6

probevue Dynamic Tracing POWER4, PPC970, POWER5 and POWER6

Platform Support
AIX Version 6.1 will run on systems
based on POWER4, PPC970,
POWER5 and POWER6 processors.
Most features of AIX 6.1 are available
on all supported hardware. A few fea-
tures are only available when AIX 6.1 is
running on a system built with
POWER6 processors. The table below
lists selected features of AIX 6.1 and
whether those features require
POWER6 processors.
AIX 6.1 only supports the 64-bit kernel.
32-bit and 64-bit applications that
ran on AIX 5L will continue to run
unchanged on AIX 6.1, but 32-bit ker-
nel extensions and device drivers are
not supported on AIX 6.1.
IBM systems based on the POWER6
processor such as the Power 570 pro-
vide additional virtualization capabilities
of the PowerVM feature that are sup-
ported by AIX 5.3 as well as AIX 6.1.
These features include:
● PowerVM Live Partition Mobility
This new capability of POWER6
processor-based systems allows an entire
logical partition to be relocated from one
server to another while end users are
using applications running in the partition.
The relocation is transparent to the end
user and occurs with no application
downtime. Like PowerVM Live Application
Mobility, Live Partition Mobility can enable
increased availability, workload balancing
and energy savings.
● Shared Dedicated Capacity
This new configuration option for dedi-
cated processor partitions enables the
administrator to donate excess processor
cycles to a Shared Processor Pool without
affecting the workload running in the dedi-
cated processor partition.
● Multiple Shared Processor Pools
Most POWER6 processor-based systems
support multiple separate Shared
Processor Pools. This feature can be
used for additional control of processor
resource allocations and potentially can
reduce the license charges for applica-
tions running in a micro-partition.
Open source flexibility
AIX 6.1 offers a wide range of system
interoperability features and open
source tools to enable Linux® applica-
tions to be recompiled and run in a
native AIX 6.1 environment. AIX affinity
with Linux can promote faster and less
costly deployment of multi-platform,
integrated solutions. Many solutions
developed for Linux will run on AIX 6.1
with a simple recompilation of the
source code. IBM provides the AIX
Toolbox for Linux Applications, which is
a collection of open source and GNU
software commonly found with Linux
distributions. Because the applications
run on AIX, businesses can combine
the flexibility of Linux with the
advanced features of AIX 6.1, including
advanced workload management,
sophisticated systems management
tools, scalability and security.
AIX Expansion Pack
The AIX Expansion Pack extends the
base operating system by providing an
integrated directory server, encryption
support, an HTTP server to serve online
publication pages and support Web-
based System Manager and a number
of other useful applications. The AIX
Expansion Pack also includes new,
supported versions of the lsof, openssh
and openssl administrative tools.
Service and support to help keep
businesses running
AIX 6.1 provides a platform that lets
you get the most out of today’s applica-
tions while positioning your business for
the future. And like all Power Systems
products, AIX 6.1 is backed by IBM’s
worldwide service and support.
AIX Version 6.1 New Features

Feature Benefits

Virtualization

PowerVM Workload Partitions ● Reduced administration, improved system efficiency

PowerVM Live Application Mobility ● Increased application availability, enhanced workload manageability and energy savings

PowerVM Live Partition Mobility ● Increased application availability, enhanced workload manageability and
energy savings * **

Multiple Shared Processor Pools ● Greater resource management flexibility and reduced application software expense * **

Shared Dedicated Processors ● Improved server utilization * **

Security

Role Based Access Control ● Improved security, decreased administration costs

Encrypting Filesystem ● Improved security

Trusted AIX ● Highest level of security for critical government and business workloads

AIX Security Expert ● Improved security, decreased administration costs by enabling federated management of
security across multiple AIX systems

Secure by Default ● Improved security on initial installations of AIX 6.1

Trusted Execution ● Improved security

Filesystem Permissions Tool ● Improved security

Feature Benefits

Near-continuous Availability

Concurrent AIX Updates ● Greater system availability, improved security by enabling critical security patches to be
installed without causing an outage

Storage Keys ● Improved AIX availability* and improved application availability**

Dynamic Tracing ● Easier resolution to application execution and performance problems

Enhanced First Failure Data Capture ● Increased AIX reliability and quicker problem resolution

Non-intrusive Service Aids ● Increased AIX reliability and quicker problem resolution

Functional Recovery Routines ● Increased AIX and application reliability and availability

Manageability

PowerVM Workload Partitions ● Reduced administrative expense by reducing the number of AIX operating systems to
maintain. Greater flexibility to deploy and manage workloads

PowerVM Live Application Mobility ● Improved flexibility to improve application availability and performance and to reduce
energy costs

PowerVM Workload Partitions Manager ● Reduced management costs by providing federated management of workload partitions
across the enterprise

PowerVM Live Partition Mobility ● Improved flexibility to improve application availability and performance and to reduce
energy costs * **

IBM System Director Console for AIX ● Reduced administrative costs and improved administrative effectiveness by enabling Web-
based administration across multiple AIX instances

Automatic Variable Page Size ● Improved performance with reduced administrative effort

* Supported only on Power™ Systems servers with POWER6 technology

** Also supported by AIX 5.3
For more information
For more information on AIX 6.1
releases and upgrade benefits,
contact your IBM representative or
IBM Business Partner or visit the
© Copyright IBM Corporation 2008
following Web sites:
● ibm.com/aix
● ibm.com/systems/power
All performance estimates are provided “AS IS”
and no warranties or guarantees are expressed
or implied by IBM. Buyers should consult other
sources of information, including system
benchmarks, to evaluate the performance of a
system they are considering buying.
1
More information on the binary compatibility of
AIX 6.1 can be found at ibm.com/systems/p/
os/aix/compatibility/.
IBM Corporation
Integrated Marketing Communications,
Systems and Technology Group
Route 100
Somers, NY 10589
Produced in the United States of America
April 2008
All Rights Reserved
This publication was developed for products
and/or services offered in the United States.
IBM may not offer the products, features or
services discussed in this publication in other
countries.
The information may be subject to change
without notice. Consult your local IBM business
contact for information on the products, features
and services available in your area.
All statements regarding IBM’s future direction
and intent are subject to change or withdrawal
without notice, and represent goals and
objectives only.
IBM, the IBM logo, AIX, AIX 5L, BladeCenter,
eServer, IntelliStation, Power, POWER,
POWER4, POWER5, POWER6, PowerVM,
Power Architecture, Power Systems, pSeries,
RISC Systems/6000, System i, System i5,
System p, System p5, Workload Partitions
Manager and z/OS are trademarks or registered
trademarks of International Business Machines
Corporation in the United States, other
countries or both. A full list of U.S. trademarks
owned by IBM may be found at:
ibm.com/legal/copytrade.shtml.
UNIX is a registered trademark of The Open
Group in the United States, other countries
or both.
Linux is a trademark of Linus Torvalds in the
United States, other countries or both.
Other company, product, and service names
may be trademarks or service marks of others.
IBM hardware products are manufactured from
new parts, or new and used parts. Regardless,
our warranty terms apply.
Photographs show engineering and design
models. Changes may be incorporated in
production models.
Copying or downloading the images contained
in this document is expressly prohibited without
the written consent of IBM.
Information concerning non-IBM products was
obtained from the suppliers of these products.
Questions on the capabilities of the non-
IBM products should be addressed with the
suppliers.
POD03007-USEN-00